The post How to Protect Your Credit Card Data Online appeared first on CISO MAG | Cyber Security Magazine.
In Magecart attacks, also known as web-skimming or e-skimming, fraudsters inject malicious JavaScript code into website payment processing pages to steal customer payment card details. The malicious code then collects users’ payment data as they make purchases on the compromised website.
Trading and advertising credit card and banking information on dark web forums has become prevalent today. Cybersecurity researchers from Group-IB recently detected a post in which threat actors exposed compromised card details on various darknet forums, including crdclub and xss. The exposed file contained over one million stolen credit and debit card details belonging to over 1,000 banks across 100 countries, including India, the U.S., Mexico, Australia, and Brazil.
Using multiple credit/debit cards online may result in unnecessary risks. Attackers could spy on other credit cards if one of your cards gets stolen or its data gets exposed. In the event of card loss and to avoid misuse of data, report to your banker immediately. Change your credentials (card and online banking) in case your card provider suffers a data breach.
Strong authentication comes first when talking about online security. Make sure you have complex and unique passwords/PINs for your online accounts. Remember to update your username and passwords regularly to reduce the risk of brute force attacks.
The proliferation of e-commerce sites also resulted in fake online stores. The operators of these stores harvest users’ private data to launch various financial frauds. Always shop on websites that you are familiar with. Check for ‘HTTPS’ and the lock symbol to verify the authenticity of the site. Threat actors often steal users’ payment card details by directing them to fraudulent sites that impersonate legitimate brands. Also, don’t save your credit card details on e-commerce sites. For additional security, enter the card details like CVV number, card number, and expiry date each time you shop online.
Always shop on a secure network. Cybercriminals often target devices using public Wi-Fi. Use a VPN to keep your browsing private and safe. Also, update your device regularly to fix unpatched vulnerabilities. Invest in a good antivirus solution to avoid malware intrusions.
A small amount of your credit card or banking data might cost you a fortune in case it falls into the wrong hands. Apart from financial discipline, having cyber discipline will certainly help in protecting your data and money.
About the Author:
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
The post From Data Leak to Dark Web: What Happens to Your Stolen Credit Card Data? appeared first on CISO MAG | Cyber Security Magazine.
This article explains how attackers obtain financial data, what happens to stolen data, and how criminals sell stolen credit card details on the dark web.
By Rudra Srinivas, Feature Writer, CISO MAG
Usually, threat actors obtain credit card or payment information in two ways: after a data breach and/or via the e-skimming technique. Scammers pilfer sensitive data by exploiting a vulnerability/unsecured database containing valuable data. For instance, consider the Capital One data breach. Attackers exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data of over 100 million individuals in the U.S. and approximately six million in Canada.
In an e-skimming attack, also known as a web-skimming or Magecart attack, adversaries inject malicious JavaScript code into website payment processing pages to steal payment card details from customers. The malicious code then collects payment information from users as they make purchases on the infected site. Recently, Magecart operators compromised over 2,000 Magento online stores and stole tens of thousands of customers’ personal information. They injected malicious code on the website checkout pages to exfiltrate payment information.
Ever wondered where your stolen financial data is moved? Well, it is mostly misused by attackers for their criminal activities or it ends up on the dark web for sale. Cybercriminals often use the stolen financial data to make fraudulent purchases online or to compromise other accounts via credential stuffing attacks. Most scammers obtain credit card numbers and other financial data from various darknet forums.
An investigation from security research firm Cyble disclosed that threat actors put details of 80,000 credit cards up for sale on a darknet forum in exchange for cryptocurrency. It was found that the stolen credit card details belong to both Visa and MasterCard users from various countries, including 33,000 credit card details from the U.S.; 14,000 from France; 5,000 from the U.K.; 2,000 from Canada; 1,200 from Singapore; and 1,300 from India. The exposed information included cardholder name, CVV code, billing details, and expiration date, and was selling at $5 per card, paid in cryptocurrency.
Cybercriminals trade their illicitly acquired data on various dark web/hacking forums by advertising or leaking a sample of the data to lure other malicious actors in the community. Recently, adversaries illicitly obtained over three million customers’ credit card information after compromising Dickey’s BBQ Pit Point-of-Sale (POS) systems in 156 restaurant locations. Attackers posted the stolen data for sale on Joker’s Stash, a dark web marketplace that exclusively trades stolen card data. The hackers’ group advertised a massive collection of payment card details for sale, dubbed “BLAZINGSUN,” at $17 per card.
From gamers’ cheat codes to users’ login credentials, everything is traded on darknet markets. Several new cybersecurity scams and malicious activities originate from these underground forums. Threat actors discuss and share knowledge on new hacking techniques and tools. Some senior threat groups even provide tutorials and share their attack procedures with budding hackers.
The stolen information is usually sold in exchange for Bitcoins. In some cases, cybercriminals leak the data they obtain on the dark web for free to threaten the victims in case they don’t receive the demanded ransom.
According to a recent investigation from Privacy Affairs, users’ stolen personal information, such as credit card details, online banking credentials, and social media logins, is put up for sale on several darknet forums at low prices. Forged documents including passports, driving licenses, and auto-insurance cards are also available on these platforms. While online banking credentials cost an average of $35 on the dark web, credit card details including associated data are available for $12 to $20. Forged or counterfeit documents can be obtained for $1,500.
About the Author
Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
The post Only 1 in 4 Organizations Keep Payment Data Secure appeared first on CISO MAG | Cyber Security Magazine.
The Verizon Business 2020 Payment Security Report pointed out that a lack of long-term payment security strategy and execution is among the key reasons why payment data is handled so precariously. Several companies are struggling to retain qualified CISOs or security managers, and this is another reason for this alarming trend that puts a dent in sustained compliance with the Payment Card Industry Data Security Standard (PCI DSS).
The report highlighted that only 27.9% of global organizations maintained full compliance with PCI DSS. Even here, compliance has declined, with a 27.5 percentage-point drop since it peaked in 2016.
“Unfortunately, we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, President, Global Enterprise, Verizon Business. “The recent coronavirus pandemic has driven consumers away from the traditional use of cash to contactless methods of payment with payment cards as well as mobile devices. This has generated more electronic payment data and consumers trust businesses to safeguard their information. Payment security has to be seen as an on-going business priority by all companies that handle any payment data, they have a fundamental responsibility to their customers, suppliers and consumers.”
The report also underscored that even security testing has taken a backseat for several companies where just a little over half the surveyed organizations successfully test security systems and processes as well as unmonitored system access. Here, only two-thirds of all businesses track and monitor access to business-critical systems adequately, while only 7 out of 10 financial institutions (70.6%) maintain essential perimeter security controls.
“This report is a welcome wake-up call to organizations that strong leadership is required to address failures to adequately manage payment security,” said Maxine Holt, Senior Research Director at Omdia.
The post Qbot Malware: An Old Banking Trojan Back with New Capabilities appeared first on CISO MAG | Cyber Security Magazine.
Qbot malware, also known as Qakbot and Pinkslipbot, is a banking Trojan active since 2008. According to F5 Labs researchers, attackers are still using the Qbot malware with updated worm features to steal users’ keystrokes, deploy backdoors, and spread malware payloads on compromised devices. The researchers stated that the latest version of Qbot has detection- and research-evasion techniques that hide the malware code and evade scanners and anti-software tools.
“Attackers usually infect victims using phishing techniques to lure victims to websites that use exploits to inject Qbot via a dropper. It does this through a combination of techniques that subvert the victim’s web sessions, including keylogging, credential theft, cookie exfiltration, and process hooking,” the researchers said.
According to the research analysis, the Qbot campaign is mainly focused on banks and financial firms in the U.S., targeting around 36 U.S. financial institutions and two banks in Canada and the Netherlands.

“Several samples of the malware from this year showed that Qbot’s focus is on banks in the United States. This appears to be a dedicated campaign with a browser hijack, or redirection, as the main attack method when the machine is infected. As Qbot watches a victim’s web traffic, it looks for specific financial services from which to harvest credentials,” the researchers added.
The researchers listed how Qbot infection proceeds on a targeted device:
F5 Labs recommended certain security measures like using updated antivirus software, fixing critical flaws in applications and devices, and providing necessary security awareness training to the workforce to defend against evolving malware threats.
The post Cyberattack Hits P&N Bank, Confirms Data Breach appeared first on CISO MAG | Cyber Security Magazine.
In an official notice, the financial services provider stated that the information breach occurred due to a cyberattack on its customer relationship management (CRM) platform during a server upgrade. However, the incident has not caused any loss of customer funds, customers’ credit card details, or banking passwords. Other data like driver’s license numbers, passport numbers, social security numbers, tax file numbers, or health data were not contained in the CRM, and hence not exposed.
The exposed information includes customer names, age details, residential addresses, email addresses, phone numbers, customer numbers, account numbers, and account balances.
P&N Bank was formerly known as the Police & Nurses Credit Society, hence most of the P&N Bank customers are police officers and nurses. P&N Bank stated that it is working with the Western Australian Police Force (WAPOL) and federal authorities to investigate the incident.
Describing the security incident, Andrew Hadley, CEO of P&N Bank, said, “Upon becoming aware of the attack, we immediately shut down the source of the vulnerability and have since been working closely with WAPOL, other federal authorities, our third-party IT provider involved, regulators and independent expert advisers to investigate and protect customers from any further risk. The safety and security of our members’ information and funds is our highest priority. Data protection continues to be a focus around the world, and financial systems will always present some degree of risk, so it is important to stress that in line with best practice, we have highly sophisticated security measures and controls in place to protect our customers’ accounts.”
The post CISO MAG Rewind: Biggest Financial Data Breaches of 2019 appeared first on CISO MAG | Cyber Security Magazine.
The banking and financial sectors were hit with a constant stream of cyber-attacks compared to other sectors. According to the IntSights Q1 2019 report, around 25.7 percent of all malware attacks last year targeted banks and financial organizations.
The banks are increasing their budget allocation to enhance cybersecurity capabilities to protect against threats. Multiple banks and financial institutions reported critical data breaches, malware attacks, and other types of cyber-attacks this year, which include:
Dutch Bangla Bank Limited
Attackers scooped more than US$ 3 million from the Dutch Bangla Bank in Bangladesh by launching an ATM cash-out attack in May 2019. According to research firm Group-IB, a hacker group named “Silence” is likely behind the attack.
Group-IB stated that the Silence group has been active since 2016 and previously attacked banks in Russia, former Soviet states, and Eastern Europe. According to Group-IB, the hacker group appears to have deployed malicious code on the bank’s network to run malicious commands on hosts and allegedly used the access to orchestrate fund withdrawals from the bank’s ATMs.
First American Financial Corp
First American Financial Corp. suffered a data breach in May 2019 that compromised nearly 885 million files related to mortgage deeds, KrebsOnSecurity revealed. Based in California, First American provides title insurance and settlement services to the real estate and mortgage industries. The exposed information included bank account numbers and statements, mortgage and tax records, social security numbers, transaction receipts, and images of drivers’ licenses.
Westpac Data Breach
A cyber-attack on Westpac Banking Corporation exposed almost 100,000 Australians’ personal data. Westpac confirmed that it detected an unauthorized use of its payment platform PayID, which allowed instant transfer of money between banks using a mobile number or email address. The incident exposed users’ phone numbers, email addresses, and transaction history. However, Westpac clarified that no customer bank account numbers were compromised in the incident.
“PayID allowed anyone to punch in a phone number and search for the account registered under it, along with the account holder’s name. Authorities suspect that fraudulent PayID accounts were used to generate a series of random lookups and collect data on almost 100,000 customers,” Westpac said in a statement.
Capital One Data Breach
Capital One Financial Corporation, a bank holding company, disclosed a data breach in July which affected approximately 100 million individuals in the United States and nearly 6 million in Canada. The company stated that the attacker exploited a specific configuration vulnerability in its digital infrastructure and allegedly accessed the data.
The compromised information included names, addresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, credit scores, and transaction data. However, Capital One clarified that no credit card account numbers or log-in credentials were compromised in the incident.
The FBI charged a suspect, Paige A. Thompson, with computer fraud and abuse. Thompson, who went by the hacker name ‘erratic’, allegedly exploited a misconfigured firewall to access the Capital One cloud repository and exfiltrate the data in March 2019.
Desjardins Group Breach
Canadian Credit Union Corporation, Desjardins Group, disclosed a data breach in July 2019. The incident occurred due to unauthorized use of internal data by an unidentified employee, Desjardins said. The breach exposed sensitive information of 2.7 million members which included home addresses, names, email addresses, and social insurance numbers.
Malware Targeting Indian Banks
Security experts discovered malware intended to exploit ATMs of Indian banks and steal customers’ sensitive information. The malware, dubbed ATMDtrack, allowed the attackers to read and store customers’ card data when cards are inserted into the infected ATMs.
According to Konstantin Zykov, a researcher at Kaspersky Labs, the attacker who created the ATMDtrack was traced to the cyber-hacking outfit Lazarus Group controlled by North Korea’s primary intelligence bureau. The scandalous Lazarus Group is a prime suspect in a series of cyber-muggings, including the cyber-attack on Sony Pictures Entertainment in 2014, and the WannaCry ransomware attack in 2017.
Rudra Srinivas is part of the editorial team at CISO MAG and writes on cybersecurity trends and news features.